diff --git a/lib/jam_ruby/app/mailers/user_mailer.rb b/lib/jam_ruby/app/mailers/user_mailer.rb
index c231827c6..8be2e6c0f 100644
--- a/lib/jam_ruby/app/mailers/user_mailer.rb
+++ b/lib/jam_ruby/app/mailers/user_mailer.rb
@@ -29,15 +29,6 @@ module JamRuby
end
end
- def reset_password(user)
- @user = user
- sendgrid_unique_args :type => "reset_password"
- mail(:to => user.email, :subject => "Jamkazam Reset Password") do |format|
- format.text
- format.html
- end
- end
-
def password_changed(user)
@user = user
sendgrid_unique_args :type => "password_changed"
@@ -46,5 +37,14 @@ module JamRuby
format.html
end
end
+
+ def password_reset(user)
+ @user = user
+ sendgrid_unique_args :type => "password_reset"
+ mail(:to => user.email, :subject => "Jamkazam Password Reset") do |format|
+ format.text
+ format.html
+ end
+ end
end
end
diff --git a/lib/jam_ruby/app/views/jam_ruby/user_mailer/password_reset.html.erb b/lib/jam_ruby/app/views/jam_ruby/user_mailer/password_reset.html.erb
new file mode 100644
index 000000000..5865b73ed
--- /dev/null
+++ b/lib/jam_ruby/app/views/jam_ruby/user_mailer/password_reset.html.erb
@@ -0,0 +1,7 @@
+
+
+Reset Password! <%= @user.email %>
+
+Here is the token: <%= @user.reset_password_token %>
+
+
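Review bot: The reset email shows the raw token with no context: it does not say how to use it, that it expires (the models/user.rb hunk enforces 3 days), or what to do if the recipient did not request a reset. Those lines help a user recognise an unsolicited reset, so I would add them here and in `password_reset.text.erb`, for example `This token expires in 3 days. If you did not request a password reset, you can ignore this email.`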
diff --git a/lib/jam_ruby/app/views/jam_ruby/user_mailer/password_reset.text.erb b/lib/jam_ruby/app/views/jam_ruby/user_mailer/password_reset.text.erb
new file mode 100644
index 000000000..263a237f2
--- /dev/null
+++ b/lib/jam_ruby/app/views/jam_ruby/user_mailer/password_reset.text.erb
@@ -0,0 +1,2 @@
+Reset Password! <%= @user.email %>
+Here is the token: <%= @user.reset_password_token %>
diff --git a/lib/jam_ruby/app/views/jam_ruby/user_mailer/reset_password.html.erb b/lib/jam_ruby/app/views/jam_ruby/user_mailer/reset_password.html.erb
deleted file mode 100644
index 0b757c910..000000000
--- a/lib/jam_ruby/app/views/jam_ruby/user_mailer/reset_password.html.erb
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-Reset Password! <%= @user.email %>
-
-
\ No newline at end of file
diff --git a/lib/jam_ruby/app/views/jam_ruby/user_mailer/reset_password.text.erb b/lib/jam_ruby/app/views/jam_ruby/user_mailer/reset_password.text.erb
deleted file mode 100644
index 6507fcc0b..000000000
--- a/lib/jam_ruby/app/views/jam_ruby/user_mailer/reset_password.text.erb
+++ /dev/null
@@ -1 +0,0 @@
-Reset Password! <%= @user.email %>
\ No newline at end of file
diff --git a/lib/jam_ruby/constants/validation_messages.rb b/lib/jam_ruby/constants/validation_messages.rb
index 08dfa17bf..80379f92f 100644
--- a/lib/jam_ruby/constants/validation_messages.rb
+++ b/lib/jam_ruby/constants/validation_messages.rb
@@ -1,4 +1,6 @@
module ValidationMessages
+
+ # Note that these are not set up to be internationalizable
# general messages
PERMISSION_VALIDATION_ERROR = "You do not have permissions to perform this action."
@@ -27,5 +29,6 @@ module ValidationMessages
# user
OLD_PASSWORD_DOESNT_MATCH = "Your old password is incorrect."
+ EMAIL_NOT_FOUND = "Email address not found."
-end
\ No newline at end of file
+end
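Review bot: `EMAIL_NOT_FOUND` pairs with `User.reset_password` raising `JamRuby::JamArgumentError` for an unknown address (the models/user.rb hunk in this commit), which suggests the reset request will tell the requester whether an email is registered. The controller that uses this constant is not in the diff, so this is inferred, but if the message reaches the client it lets anyone test which addresses have accounts. A single response for both cases avoids that, e.g. `PASSWORD_RESET_REQUESTED = "If that address is registered, a reset email has been sent."`, with the not-found case only logged server-side. The module body begins above this hunk.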
diff --git a/lib/jam_ruby/models/user.rb b/lib/jam_ruby/models/user.rb
index cb9e73019..9631bf2a0 100644
--- a/lib/jam_ruby/models/user.rb
+++ b/lib/jam_ruby/models/user.rb
@@ -178,15 +178,42 @@ module JamRuby
def set_password(old_password, new_password, new_password_confirmation)
raise JamRuby::JamArgumentError unless authenticate old_password
+ change_password(new_password, new_password_confirmation)
+ save
+ end
+
+ def self.set_password_from_token(email, token, new_password, new_password_confirmation)
+ user = User.find_by_email(email)
+ if user.nil? || user.reset_password_token != token || Time.now - user.reset_password_token_created > 3.days
+ raise JamRuby::JamArgumentError
+ end
+ user.reset_password_token = nil
+ user.reset_password_token_created = nil
+ user.change_password(new_password, new_password_confirmation)
+ user.save
+ end
+
+ def change_password(new_password, new_password_confirmation)
# FIXME: Should verify that the new password meets certain quality criteria. Really, maybe that should be a
# verification step.
+ self.updating_password = true
self.password = new_password
self.password_confirmation = new_password_confirmation
- save
UserMailer.password_changed(self).deliver
end
+ def self.reset_password(email)
+ user = User.find_by_email(email)
+ raise JamRuby::JamArgumentError if user.nil?
+
+ user.reset_password_token = SecureRandom.urlsafe_base64
+ user.reset_password_token_created = Time.now
+ user.save
+
+ UserMailer.password_reset(user).deliver
+ end
+
def self.band_index(user_id)
bands = Band.joins(:band_musicians)
.where(:bands_musicians => {:user_id => "#{user_id}"})
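Review bot: `set_password_from_token` has no guard for a blank token: for a user with no pending reset, a nil `token` gets past `user.reset_password_token != token` and the expiry term then evaluates `Time.now - nil`, which raises a TypeError rather than `JamRuby::JamArgumentError`. The check should reject blank tokens and missing timestamps first and compare with a constant-time helper instead of `!=`; the fence below sketches that, using `Rack::Utils.secure_compare` on the assumption that the Rack version in use provides it. Separately, `change_password` now delivers `password_changed` before either caller runs `save`, and both callers ignore the result of `save`, so if validation rejects the new password (validations are not visible here) the user would still be mailed; delivering only after a successful save avoids that. The token is also stored and compared in plain form, so storing only a digest of it would limit what a database read exposes.

```ruby
def self.set_password_from_token(email, token, new_password, new_password_confirmation)
  user = User.find_by_email(email)
  # Reject blank input and users with no pending reset first, so nil never matches nil.
  raise JamRuby::JamArgumentError if user.nil? || token.blank? || user.reset_password_token.blank?
  raise JamRuby::JamArgumentError if user.reset_password_token_created.nil?

  expired = Time.now - user.reset_password_token_created > 3.days
  # Constant-time comparison; confirm this helper exists in the Rack version in use.
  matches = Rack::Utils.secure_compare(user.reset_password_token, token)
  raise JamRuby::JamArgumentError if expired || !matches
  # … unchanged: clear token fields, change_password, save …
end
```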
@@ -661,5 +688,6 @@ module JamRuby
end
end
end
+
end
end
diff --git a/spec/jam_ruby/models/user_spec.rb b/spec/jam_ruby/models/user_spec.rb
index 72b6bd9eb..b6f80c8f6 100644
--- a/spec/jam_ruby/models/user_spec.rb
+++ b/spec/jam_ruby/models/user_spec.rb
@@ -151,7 +151,39 @@ describe User do
end
+ describe "reset_password" do
+ before do
+ @user.confirm_email!
+ @user.save
+ end
+
+ it "fails if the provided email address is unrecognized" do
+ expect { User.reset_password("invalidemail@invalid.com") }.to raise_error
+ end
+ it "assigns a reset_token and reset_token_created on reset" do
+ User.reset_password(@user.email)
+ @user.reload
+ @user.reset_password_token.should_not be_nil
+ @user.reset_password_token_created.should_not be_nil
+ @user.reset_password_token_created.should <= Time.now
+ @user.reset_password_token_created.should >= Time.now - 1.minute
+ end
+
+ it "errors if the wrong token is comes in" do
+ User.reset_password(@user.email)
+ @user.reload
+ expect { User.set_password_from_token(@user.email, "wrongtoken", "newpassword", "newpassword") }.to raise_error
+ end
+
+ it "changes the password if the token is right" do
+ User.reset_password(@user.email)
+ @user.reload
+ User.set_password_from_token(@user.email, @user.reset_password_token, "newpassword", "newpassword")
+ User.authenticate(@user.email, "newpassword").should_not be_nil
+ @user.reload
+ end
+ end
describe "return value of authenticate method" do
before { @user.save }
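Review bot: The two failure examples use a bare `raise_error`, which passes on any exception, including a TypeError or NoMethodError caused by a nil value, so they do not pin the rejection path; `raise_error(JamRuby::JamArgumentError)` would. There is also no example for an expired token, a blank token, or reuse of a token after a successful reset. The last example ends with `@user.reload` without asserting anything; adding `@user.reset_password_token.should be_nil` after that reload would check that the token is single-use. The `describe "return value of authenticate method"` block at the end of the hunk continues outside it.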
@@ -220,4 +252,4 @@ describe User do
end
end
-end
\ No newline at end of file
+end